[Git][security-tracker-team/security-tracker][master] Update information forCVE-2023-48795/libssh2

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 19 12:45:37 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7581cc09 by Salvatore Bonaccorso at 2023-12-19T13:42:59+01:00
Update information forCVE-2023-48795/libssh2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -187,6 +187,9 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	- golang-go.crypto <unfixed> (bug #1059003)
 	- libssh <unfixed> (bug #1059004)
 	- libssh2 <unfixed> (bug #1059005)
+	[bookworm] - libssh2 <not-affected> (ChaCha20-Poly1305 and CBC-EtM support not present)
+	[bullseye] - libssh2 <not-affected> (ChaCha20-Poly1305 and CBC-EtM support not present)
+	[buster] - libssh2 <not-affected> (ChaCha20-Poly1305 and CBC-EtM support not present)
 	- openssh 1:9.6p1-1
 	- paramiko <unfixed> (bug #1059006)
 	- putty 0.80-1
@@ -205,6 +208,7 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/89df759200d31fc79fbbe213d8eda0d329eebf6d (libssh-0.10.6)
 	NOTE: libssh2: https://github.com/libssh2/libssh2/issues/1290
 	NOTE: libssh2: https://github.com/libssh2/libssh2/pull/1291
+	NOTE: libssh2: https://github.com/libssh2/libssh2/commit/d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a
 	NOTE: OpenSSH: https://www.openwall.com/lists/oss-security/2023/12/18/2
 	NOTE: OpenSSH (strict key exchange): https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 (V_9_6_P1)
 	NOTE: paramiko: https://github.com/paramiko/paramiko/issues/2337



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7581cc09df4b466c3ed120fe3575ae843287f693

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7581cc09df4b466c3ed120fe3575ae843287f693
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231219/7ebc8ea1/attachment.htm>

More information about the debian-security-tracker-commits mailing list